Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit edaed168 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull x86/pti update from Thomas Gleixner:
 "Just a single change from the anti-performance departement:

   - Add a new PR_SPEC_DISABLE_NOEXEC option which allows to apply the
     speculation protections on a process without inheriting the state
     on exec.

     This remedies a situation where a Java-launcher has speculation
     protections enabled because that's the default for JVMs which
     causes the launched regular harmless processes to inherit the
     protection state which results in unintended performance
     degradation"

* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/speculation: Add PR_SPEC_DISABLE_NOEXEC
parents 78f86013 71368af9

Documentation/userspace-api/spec_ctrl.rst

+15 −12
Original line number Diff line number Diff line
@@ -39,6 +39,8 @@ Bit Define Description 
                            enabled.

3    PR_SPEC_FORCE_DISABLE  Same as PR_SPEC_DISABLE, but cannot be undone. A

                            subsequent prctl(..., PR_SPEC_ENABLE) will fail.

4    PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be

                            cleared on :manpage:`execve(2)`.

==== ====================== ==================================================



If all bits are 0 the CPU is not affected by the speculation misfeature.
@@ -92,6 +94,7 @@ Speculation misfeature controls 
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);

   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0);



- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes

                        (Mitigate Spectre V2 style attacks against user processes)

arch/x86/kernel/cpu/bugs.c

+12 −0
Original line number Diff line number Diff line
@@ -798,15 +798,25 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) 
		if (task_spec_ssb_force_disable(task))

			return -EPERM;

		task_clear_spec_ssb_disable(task);

		task_clear_spec_ssb_noexec(task);

		task_update_spec_tif(task);

		break;

	case PR_SPEC_DISABLE:

		task_set_spec_ssb_disable(task);

		task_clear_spec_ssb_noexec(task);

		task_update_spec_tif(task);

		break;

	case PR_SPEC_FORCE_DISABLE:

		task_set_spec_ssb_disable(task);

		task_set_spec_ssb_force_disable(task);

		task_clear_spec_ssb_noexec(task);

		task_update_spec_tif(task);

		break;

	case PR_SPEC_DISABLE_NOEXEC:

		if (task_spec_ssb_force_disable(task))

			return -EPERM;

		task_set_spec_ssb_disable(task);

		task_set_spec_ssb_noexec(task);

		task_update_spec_tif(task);

		break;

	default:
@@ -885,6 +895,8 @@ static int ssb_prctl_get(struct task_struct *task) 
	case SPEC_STORE_BYPASS_PRCTL:

		if (task_spec_ssb_force_disable(task))

			return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;

		if (task_spec_ssb_noexec(task))

			return PR_SPEC_PRCTL | PR_SPEC_DISABLE_NOEXEC;

		if (task_spec_ssb_disable(task))

			return PR_SPEC_PRCTL | PR_SPEC_DISABLE;

		return PR_SPEC_PRCTL | PR_SPEC_ENABLE;

arch/x86/kernel/process.c

+12 −0
Original line number Diff line number Diff line
@@ -255,6 +255,18 @@ void arch_setup_new_exec(void) 
	/* If cpuid was previously disabled for this task, re-enable it. */

	if (test_thread_flag(TIF_NOCPUID))

		enable_cpuid();



	/*

	 * Don't inherit TIF_SSBD across exec boundary when

	 * PR_SPEC_DISABLE_NOEXEC is used.

	 */

	if (test_thread_flag(TIF_SSBD) &&

	    task_spec_ssb_noexec(current)) {

		clear_thread_flag(TIF_SSBD);

		task_clear_spec_ssb_disable(current);

		task_clear_spec_ssb_noexec(current);

		speculation_ctrl_update(task_thread_info(current)->flags);

	}

}



static inline void switch_to_bitmap(struct thread_struct *prev,

include/linux/sched.h

+5 −0
Original line number Diff line number Diff line
@@ -1453,6 +1453,7 @@ static inline bool is_percpu_thread(void) 
#define PFA_SPEC_SSB_FORCE_DISABLE	4	/* Speculative Store Bypass force disabled*/

#define PFA_SPEC_IB_DISABLE		5	/* Indirect branch speculation restricted */

#define PFA_SPEC_IB_FORCE_DISABLE	6	/* Indirect branch speculation permanently restricted */

#define PFA_SPEC_SSB_NOEXEC		7	/* Speculative Store Bypass clear on execve() */



#define TASK_PFA_TEST(name, func)					\

	static inline bool task_##func(struct task_struct *p)		\
@@ -1481,6 +1482,10 @@ TASK_PFA_TEST(SPEC_SSB_DISABLE, spec_ssb_disable) 
TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable)

TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable)



TASK_PFA_TEST(SPEC_SSB_NOEXEC, spec_ssb_noexec)

TASK_PFA_SET(SPEC_SSB_NOEXEC, spec_ssb_noexec)

TASK_PFA_CLEAR(SPEC_SSB_NOEXEC, spec_ssb_noexec)



TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)

TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)

include/uapi/linux/prctl.h

+1 −0
Original line number Diff line number Diff line
@@ -219,6 +219,7 @@ struct prctl_mm_map { 
# define PR_SPEC_ENABLE			(1UL << 1)

# define PR_SPEC_DISABLE		(1UL << 2)

# define PR_SPEC_FORCE_DISABLE		(1UL << 3)

# define PR_SPEC_DISABLE_NOEXEC		(1UL << 4)



/* Reset arm64 pointer authentication keys */

#define PR_PAC_RESET_KEYS		54